Azure Active Directory best practices for monitoring

Eddie_Hernandez 1 Reputation point
2021-08-06T22:03:25.637+00:00

Hello. I've been tasked with figuring out what security-related events we're collecting in Azure Active Directory, then finding the difference between that and best practices. The goal is to pull those events to our external monitoring tool using the Graph API.

Is there a 'Best Practices' list of events for Azure AD?

It seems like I can only send certain event categories to a workspace for the API to pull from. Is there no way to send specific events to a workspace?


1 answer

  1. James Hamil 27,221 Reputation points Microsoft Employee Moderator
    2021-08-12T23:04:57.063+00:00

    Hi @Eddie_Hernandez, there aren't any official "Best practices" per se, as it differs depending on what your application is. Most people use sign-in logs the most, but other than that it's up to you. Can you explain more about what you mean by sending specific events to a workspace?

    Thank you,
    James

